What is the Microsoft Graph Activity Log?
In this blog, we dive into Jasper Baes' Conditional Access Validator, open-source PowerShell tool that automatically generates Maester tests for Conditional Access.
When administrators create new Entra ID apps, the apps don't have an owner unless an owner is explicitly assigned. The net result is that a tenant can end up with many ownerless apps. In this article, we explain how to find ownerless apps, and how to use audit data to find suitable owners for those apps. All done with PowerShell, of course.
The new Purview eDiscovery implementation supports a Graph API. Where there's a Graph API, there are PowerShell cmdlets based on the API. This article explains how to use PowerShell to automate different aspects of eDiscovery cases. PowerShell can't review the items found by searches, but it can handle most of the other processing.
In this episode of Practical Protection, we dive into the basics of Threat Hunting, tools you can use, and even some DIY hunting advice.
In this episode, Steve Goodman and Bastiaan Verdonk interview Victor King from Quest Software, on best practices for Active Directory security. They discuss identifying misconfigurations, managing privileged access, and continuous environmental monitoring.
In the first installment of Securing Microsoft 365 with Graph Activity Logs, Mezba Uddin dives into the essentials of the Microsoft Graph Activity Log, what it does, its importance for visibility, and how to get it running to start seeing it's data.
A reader wants to remove all calendar items over a certain age. Compliance purge actions seem like a good way to do this, but there's a problem that needs to be fixed. eDiscovery purges can do the job, but only if you have eDiscovery Premium. And then there's Graph APIs to consider. All in all, many ways exist to purge calendar items.
Everyone learns from experience. This article covers five important building blocks for writing great Graph PowerShell scripts, the product of hard-won experience and many mistakes. Filtering, properties, permissions, and pagination all make the list.
PowerShell scripting becomes far more powerful when you master collections like arrays and hash tables. In this article, we review the basics of standard collection types. Then, walk through additional useful options that leverage other object types available through the .NET Framework.
This article explains how to scope groups administration using apps and restricted administration units to make sure that only certain administrators can manage certain groups programmatically. Although this is probably not something that is needed for some tenants, it's a technique that could be used in many situations.
Calendar events make up user and group calendars. It's possible to create, update, cancel, and remove calendar appointments and meetings, including recurring events, through the Graph API. This article explains how to pass all the properties needed to create and manage events using PowerShell and the Graph APIs.
In this installment of Practical Protection, we look at Microsoft’s new OneDrive feature that prompts users to sync personal accounts on managed devices. While intended to reduce shadow IT, it risks exposing corporate data. With no option for admins to opt-out, we provide some advice on what you should do to prepare.
